API Friendshttps://apifriends.com
Thriving in the API economy - An Axway blogFri, 16 Feb 2018 14:53:58 +0000en-UShourly1129558535Role of APIs in Microserviceshttps://apifriends.com/2018/02/16/role-of-apis-in-microservices/
https://apifriends.com/2018/02/16/role-of-apis-in-microservices/#respondFri, 16 Feb 2018 14:53:58 +0000https://apifriends.com/?p=9751Microservice architecture is revolutionizing the way enterprises build their technical infrastructure and develop new applications. They are helping number of organizations to minimize the time required for software application projects and to maximize the reliability of backend systems. It is a key factor in the success of various Web-native businesses and is quickly spreading to more […]

]]>Microservice architecture is revolutionizing the way enterprises build their technical infrastructure and develop new applications. They are helping number of organizations to minimize the time required for software application projects and to maximize the reliability of backend systems. It is a key factor in the success of various Web-native businesses and is quickly spreading to more established enterprises, especially those currently focused on innovation, the application economy and digital transformation.

Once you’ve decided microservices are right for your organization, keep the strategies discussed here in mind as you make the switch.

In 2017 we saw Organizations Bridge the gap between micro services and traditional systems with APIs to promote development speed and agility.

API’s play a crucial role in facilitating microservices. For a microservice architecture to function, the infrastructure’s components must be able to interact. Each individual microservice must be able to communicate with every other microservice in the architecture as well as with the applications and Web sites they power and the databases from which they draw real-time information, essential to their functioning.

A successful microservice architecture requires APIs defined for communicating between individual services. Therefore, each microservice must have an interface, which is why the API is a vital enabler of microservices. Only when you have well-defined APIs as the communications path between services can you truly take advantage of the team scaling capabilities that microservice architectures offer. Being based on the open networking principles of the Web, RESTful APIs provide the most logical model for building interfaces between the various components of a microservice architecture. In order to better expose services via APIs, a common interface for these APIs needs to be present to tell exactly what each service is supposed to do.

Here are some common ways APIs and Microservices combination will enable eco-systems and fuel innovation.

Design first approach: Because microservice architecture is predominantly an enterprise-grade motion, and as such, it’s important to give APIs exposing the microservice data a first class treatment. Many organizations have adopted a Design First approach to building microservices, which involves designing and defining the interface of the microservice first, reviewing and stabilizing this contract, and only then implementing the service. The Design First approach ensures that your services are compliant with the requirements of the client upfront, before any actual development has taken place.

Security: As Enterprise adopt Microservices at a rapid pace, Security Architects will start losing control and visibility of these services and APIs. Security breaches will be more prevalent and communication other issues that may have been previously implicit are now forced out into the open. However, API Gateways in Microservices can solve these issues by standing in between as an abstraction layer that sits on the execution path of every request that goes to one of these microservices.

Data Orchestration : Each and every microservice in your system must have a well defined and documented API. This API is the “contract” that exists between different service owners. API Management vendors like Axway have understood this pain for a while and added capabilities to their offerings for example Axway API Builder – in order to support non-tech people to rapidly build better APIs and run them.

Public and private APIs: Public APIs are used to communicate commitments on functionality and performance between an application and the people who consume that application. Private APIs are used to communicate commitments on functionality and performance within individual development teams that own different services within the larger application. These internal APIs are just as important as the public APIs your company exposes. One notable area where a public and private API differs is in security and enforcing of service limits and constraints. The need for security and service limits is obvious for public facing APIs, but what about private APIs? It is easy to dismiss security and service limits as not important for private APIs. After all, the consumers of your private APIs and the owner of those APIs all work for the same company, and presumably have the same goals and commitments. While this is generally true, there are still reasons why you may want to deploy an API management solution to help automate authentication, authorization, and service limits for both your private APIs and public APIs.

As microservices based on emerging technologies such as containers or more mature Java programming tools continue to evolve, API management is becoming more critically important. Each microservice generates its own API that needs to be maintained as each microservice gets continually updated. That requires an API management solution that can support all levels of API call activity that once would have been assumed to be unimaginable.

]]>https://apifriends.com/2018/02/16/role-of-apis-in-microservices/feed/09751How AI is transforming customer experiences and the role of APIshttps://apifriends.com/2018/02/05/how-ai-is-transforming-customer-experiences-and-the-role-of-apis/
https://apifriends.com/2018/02/05/how-ai-is-transforming-customer-experiences-and-the-role-of-apis/#respondMon, 05 Feb 2018 16:20:58 +0000https://apifriends.com/?p=9739Here is an interesting article from Axway’s Suraj Kumar, Vice President-Global Solutions Management on how AI will help drive your CX strategy to differentiate and innovate in a competitive market. The true value of IoT lies in its ability to revolutionize user experiences, whether that is in your home, in the office, within your car or even […]

]]>Here is an interesting article from Axway’s Suraj Kumar, Vice President-Global Solutions Management on how AI will help drive your CX strategy to differentiate and innovate in a competitive market.

The true value of IoT lies in its ability to revolutionize user experiences, whether that is in your home, in the office, within your car or even as you walk down a sidewalk. Embedded sensors are generating the data that is powering a new revolution for business and their consumers — the power of customer experiences, or CX. As various industries face commoditization on a grander scale than ever before, CX has become the prime differentiator in driving differentiation and consumer purchases. Modern businesses must reprioritize around CX to optimize on costs and provide better user experiences, ultimately driving customer and brand loyalty.

Driving deeper customer engagements will mean using technology to provide the data-driven capabilities that can revolutionize CX. This is where artificial intelligence comes in. Simply put, AI is the simulation of human intelligence processes by machines. This opens a plethora of new possibilities for enterprises, as AI is both scalable and efficient and can enable a business to automate repetitive processes that may be extremely time-consuming for a human employee to perform. By combining the extensive data capabilities of IoT with the data processing capabilities of AI, a business can truly understand the individual customers and craft a predictive customer experience, as opposed to traditionally reactive customer experiences.

These AI-driven experiences take shape in a variety of different ways. For example, AI in CX can come in the form of a chatbot, intelligent voice-operated system or even in AI-driven applications that can provide translation services and pertinent data directly to the customer. Other ways of using AI in CX include the transformation of more back-end services, such as using machine learning to process and customize data traveling to and from an enterprise and its customers.

How AI can transform CX today

AI is not a single technology, but rather a class of different capabilities that can be applied to many different functions and contexts. Here are a few use cases where AI can feed into your CX strategy:

AI in natural language processing (NLP) based on speech recognition/synthesis.Natural language processing uses AI to “understand” speech requests using a combination of speech recognition and speech synthesis. Specifically, speech recognition technology is used to understand what the person is saying and speech synthesis is used to formulate a response. NLP can transform CX via the use of automated customer service and personal assistants.

Using AI and machine learning to customize and predict outcomes. Machine learning can be used to train a system to handle requests around a variety of functions. Once trained, a machine learning-enabled system can ultimately be used to understand needs of the customer, customize interactions with customers or predict specific outcomes based on a set of defined events.

AI in image recognition. AI can process images to detect specific objects in an environment and enable other interactions. For example, a retailer can use AI via in-store cameras to analyze queues and the number of shoppers in the store, enabling the retailer to reduce checkout times by automatically summoning cashiers to help with checkout. Additionally, retailers can use in-store images to analyze gender, age, body type, style and other attributes in order to make personalized wardrobe recommendations.

Although AI isn’t the Holy Grail in remediating every problem faced by today’s enterprises, the AI technologies available today can prove overwhelmingly effective when used to transform CX and may be easier to implement that you think. Specifically, enterprises can begin infusing AI capabilities in existing applications that power customer service on mobile and IoT devices as well as via web applications.

Adding AI into your applications via APIs

Infusing AI into your existing applications isn’t as difficult as it sounds. By using application programming interfaces (APIs), enterprise and application development professionals can introduce AI capabilities into their apps without needing an AI-dedicated engineer or data scientist to manage the actual machine learning and data training process.

Major enterprise cloud vendors, such as Microsoft, IBM and Google, as well as a number of emerging vendors, are already offering a rich set of AI APIs that can be easily accessed from the cloud, enabling enterprises to easily integrate these APIs into existing applications and add AI functionality in use cases such as vision, speech, language and conversational assistants. For developers of IoT, mobile and cloud applications, all that is needed to do is “call” the API within an application to utilize these functionalities. For example, a natural language processing API can be used to automate actions based on certain written requests or to process and react to insights around historic customer interactions.

APIs provide a simple and easy-to-scale approach to integrating AI in your IoT applications and beyond. As today’s enterprises are facing a flood of new data from sources like mobile and IoT devices, infusing AI APIs in your applications may be key to ensuring unique and customer-centric experiences.

What’s next for AI in CX

Although AI is on its way toward being extensively used in the enterprise, customers of tech-savvy companies are already benefitting from AI use cases through the implementation of developer-friendly tools such as APIs. For example, we are already seeing AI-driven technology via chatbots, which have quickly become a staple of customer service in online shopping.

With the right approach and training, AI will continue to improve its ability to intelligently process data and drive automation. This, in turn, will help improve the state of CX as systems learn and adapt, enabling more predictive, personalized and timely customer service. To keep up with our increasingly digital world, it will be essential to consider how technologies like AI will help drive your CX strategy to differentiate and innovate in a competitive market.

]]>https://apifriends.com/2018/02/05/how-ai-is-transforming-customer-experiences-and-the-role-of-apis/feed/09739How API and Artificial Intelligence can be complementary?https://apifriends.com/2018/01/23/how-api-and-artificial-intelligence-can-be-complementary/
https://apifriends.com/2018/01/23/how-api-and-artificial-intelligence-can-be-complementary/#respondTue, 23 Jan 2018 14:44:50 +0000https://apifriends.com/?p=2453API (Application Programming Interfaces) and AI (Artificial Intelligence) have only one thing in common. They are both very old technologies that have been revamped in the recent years to see a phenomenal upsurge in their adoption. Both terms have been around since the early 1980’s. AI was initially based on rule resolution to develop expert […]

]]>API (Application Programming Interfaces) and AI (Artificial Intelligence) have only one thing in common. They are both very old technologies that have been revamped in the recent years to see a phenomenal upsurge in their adoption. Both terms have been around since the early 1980’s.

AI was initially based on rule resolution to develop expert systems. Over the last decade, AI technology has become based on neural networks, allowing for pattern recognition, machine learning and prediction. API, on the other hand, were the interfaces used to factorize software modules within a single application, or within the enterprise information system. They have evolved over the last decade to become REST protocol compliant, based on standard formats such as XML and JSON, that allow for reuse of services over the entire Internet.

If these technologies have so little in common, how then can they be complementary? Given their popularity and potential, finding use cases for putting them together can be promising.

API for AI

There is nothing new here under the sun! Using API to publish AI services have been around for some time. Examples of API for AI abound, of which we can cite some prominent examples (see here for more details) :

Wit.ai : Wit.ai is a popular natural language processing platform that makes it possible for developers to add intelligent speech functionality to web and mobile applications. Developers can use the Wit.ai API to add an intelligent voice interface to home automation, connected car, smart TV, robotic, smartphone, wearable, and many other types of applications.

AlchemyAPI : AlchemyAPI, provides a suite of deep learning-based cloud services that include AlchemyLanguage, AlchemyVision, and AlchemyData News API. AlchemyAPI provides more than a dozen APIs that developers can use to add machine learning-powered features to applications such as sentiment analysis, entity extraction, concept tagging, image tagging, and facial detection/recognition.

AI for API

This is a more interesting and challenging topic. How can AI help in analyzing the API calls, the inbound and outbound data flows, in order to help API owners see what they would not otherwise see with the naked eye, or via basic statistical analytics? It is in the nature of neural-networks based AI to require massive quantities of data in order to learn patterns before it can recognize similar patterns or predict future behavior. API flows, given they can amount to huge volumes over time, can be a great source of learning for AI tools. Unfortunately, most of API data flows today are stateless, and data is forgotten as soon as the call is terminated.

Let us list here a couple of “AI for API” examples:

AI for API security

This is typically what the company elastic beam provides. API are the open door to sensitive data and require a great effort to secure. AI can help analyzing secure threats and detect cyberattacks. AI can detect attacks such as Data Exfiltration, Advanced Persistent Threats (APT), Data Integrity, Memory Injection , DDoS API attacks, Login service DDoS, and so on.

The advantage of using AI for blocking security attacks is twofold. Firstly, AI is self-learning, which means you do not have to constantly update an enormous base of rules and policies, it can also adapt itself to the changing technical or business environment. Secondly, AI is based on well-known and solid mathematical models, which means that in theory it can be more accurate and efficient than a set of human-coded rules. If you can trust that a driver-less car is safer than an ordinary car, then you might as well accept this fact about AI for API.

AI for API business flows

Early in the 80’s, they used to say that a software program is defined by its API. Now that API have become the interface to the enterprise business services, we can safely say that a company’s part or entire business is defined by its API. API services can span the entire product life-cycle, the entire supply chain, as well as the financial transactions.

API calls and dataflows ARE the company’s business.

By using AI to analyze the API dataflows, you can cover the entire customer relationship spectrum. Early on in the sales cycle, you will be able to categorize and weigh the lead, predict a future purchase behavior, and tailor appropriate sales and marketing campaigns accordingly. By analyzing supply chain events, you can optimize stocks, shorten delivery delays and predict any order fulfillment issues before damage occurs. By analyzing customers behavior, you can later predict any possible payment delays and optimize your cash recovery. SideTrade provides AI based tools for a full vision of the customer relationship. Although they are not necessarily hooked on real-time API calls, they provide a good example of what AI coupled to business API can do.

Lean defines waste as anything that stops an organization from getting on with value-adding work. By eliminating waste, Lean gives operational staff more time to work more effectively and achieve more. In general, Lean identifies three categories of activities:

Value-adding: this is the crucial activity that delivers customer value, and that a customer would be willing to pay for the organization to do

Non-value adding (but necessary): activities such as auditing, health and safety and so on that are required for legal or regulatory reasons but that do not directly add customer value

Waste: any other activity that does not add value and is not required

Lean Thinking uses a range of tools to identify and remove wastes from a process, starting with value stream mapping: the value stream being the flow of work and information from the start of the process right through all process steps to the completed process output. Lean wastes are usually categorized as one of 8 types as follows:

Transport. E.g: Hand-offs of work between processes or teams

Inventory / Stock. E.g: Built up work in progress (“WIP”) or finished work

Movement. E.g: Having to move unnecessarily because of the inappropriate location of needed tools

Delays / Waiting. E.g: Waiting for approvals/sign-offs, or other work to finish OR Missing deadlines

Overproduction. E.g: Processing on a schedule rather than on demand OR Doing more than is necessary “just in case”

Skills / Talent. E.g: Inappropriate use of staff skills e.g. using over-qualified staff for simple tasks OR Having staff do only non-value-adding tasks

Real-time Operational Intelligence tools (such as Axway Decision Insight), through its ability to track and display process activity in real time, can help Lean practitioner to quickly identify and measure where wastes such as WIP, delays, hand-overs, over-production, over-processing or defects are occurring, allowing systemic action to remove these wastes. The real-time analytics capabilities of such tools enable Lean practitioners:

to map out and collect real-time data for the complete end-to-end value stream for any number of processes

to identify problems before or as they happen, allowing early active intervention to prevent wastes such as defects or delays impacting the process or delivery of customer value

Real-time Operational Intelligence tools allows measuring not only volumes and timings, crucial to spotting where wastes are occurring, but also the financial value of doing (or not doing) an activity per process step or work item. This allows targeted intervention on the highest cost wastes and confirmation of the impact of waste removal activities in both work (volumes and timings) and financial (cost savings) terms. With the ability to integrate real-time data from multiple systems and sources, the tools allow waste to be identified as it happens and corrected immediately, leading to faster decision making, identification of improvement opportunities and facilitating continuous improvement. Moreover, by providing an end-to-end view of the complete value stream, they help avoid the problem of sub-optimization; that is, improving individual parts of the process without improving the whole process. Some examples of how such tools support identifying and removing waste are:

]]>https://apifriends.com/2018/01/23/operational-intelligence-removes-waste/feed/09692Why do you need API technology in retail ?https://apifriends.com/2018/01/19/why-do-you-need-api-technology-in-retail/
https://apifriends.com/2018/01/19/why-do-you-need-api-technology-in-retail/#respondFri, 19 Jan 2018 11:25:03 +0000https://apifriends.com/?p=9720Year over year from 2006 to 2016, Amazon grew by 27% on average (1). Its online eCommerce business, per Deloitte, has even seen peaks at 850% when other eCommerce sites grew at an average rate of 20%! Over the same period, the brick & mortar retail market grew, as it should do, at the rate […]

]]>Year over year from 2006 to 2016, Amazon grew by 27% on average (1). Its online eCommerce business, per Deloitte, has even seen peaks at 850% when other eCommerce sites grew at an average rate of 20%! Over the same period, the brick & mortar retail market grew, as it should do, at the rate of the GDP, around 2-3%. When it comes to eCommerce or retail, there is Amazon, and then there is everyone else.

By Acquiring Whole Foods, Amazon has struck two strategic objectives at once. No wonder why the capital value of Amazon soared up by more than the 13$ billion spent on the acquisition, whilst other brick & mortar retailers lost as much on the same day.

Secondly, Amazon has finally concluded that online eCommerce alone is not the way to go. Neither is brick & mortar alone. A shopping experience is one that is customer-centric, that allows customers to weave their shopping journey across digital and physical retail as if they’re not two separate things.

Physical and virtual retail, however, are not the only pieces of the huge retail ecosystem that contribute to the customer experience. As you can see in the diagram, many other entities contribute to fulfilling the customer journey, such as suppliers, banks, governmental agencies, 3PL and so on.

Collaboration between retailers and external entities will balance and complete what they do themselves. A typical example is how retailers move the responsibility for replenishment processes to suppliers – for example in direct store delivery. But one of the roadblocks is trust. If retailers want to move the responsibility of replenishment to suppliers, they must give them full visibility on store stock, sales, and all other relevant data.

Unless you can acquire the entire retail ecosystem above, you will need to adjust your processes, data flows, and governance to be part of it, as if it were a single entity at the service of the customer experience. Going forward, and to better serve the customer, organizations need to further tap into their entire ecosystem of employees, suppliers, partners, external data sources and services – what Axway calls customer experience networks – whether the customer is in a B2B or B2C industry.

Implementing a CX Network is largely about creating a community. Its success will reside in how fast you can achieve a critical mass of interactions with your ecosystem organizations. From a technical point of view, you will need an integration platform with at least the following capabilities:

An API Management layer that allows you to publish your service interfaces and make them accessible to all CX Network members, whilst enforcing security, authentication and confidentiality of information.

]]>https://apifriends.com/2018/01/19/why-do-you-need-api-technology-in-retail/feed/09720Workplace Challenges for Wearableshttps://apifriends.com/2018/01/18/workplace-challenges-for-wearables/
https://apifriends.com/2018/01/18/workplace-challenges-for-wearables/#respondThu, 18 Jan 2018 15:09:58 +0000https://apifriends.com/?p=9710While the success of Apple Watch has attracted the most attention when it comes to enterprise wearables in the workplace, the market is beginning to split into battles for the wrist (and borrowing from Neil Cybart), the eyes (e.g. Google Glass) and the ears (e.g. AirPods). Not to mention wearables for the body—smart garments and […]

]]>While the success of Apple Watch has attracted the most attention when it comes to enterprise wearables in the workplace, the market is beginning to split into battles for the wrist (and borrowing from Neil Cybart), the eyes (e.g. Google Glass) and the ears (e.g. AirPods). Not to mention wearables for the body—smart garments and (God forbid) implantables (Now, apparently, a word).

Adoption of such technology comes with a practical limitation—we each have only so many wrists and assorted body parts. And let’s not discount the fact people will naturally resist adorning themselves with devices throughout the workday. Nobody wants to walk around the office looking like they’ve just been assimilated by the borg.

Now none of this is to say that wearables won’t or shouldn’t be introduced to the enterprise, but we should maintain reasonable expectations, establish some guidelines, and address reasonable and practical workplace concerns.

But first, let’s take a look at the 4 major wearable food groups.

The Wrist: This is the wearable (ie: smartwatches) we’re all familiar with by now. Though it’s no longer much of a battle for your wrist now that the only legitimate contenders are the Apple Watch and some fitness-only devices from Fitbit and Garmin. Yes, Android Wear exists, but mostly in theory alone. Google hasn’t updated Android Wear since the start of 2017 and few new products leverage the platform out in the market. Most new devices are from existing watch makers like Fossil who don’t want to be left behind (but also want to avoid positioning themselves as anything more than another SKU among traditional timepieces). And when you look at shipment data on a brand-by-brand basis, the Android Wear story gets even sadder. The challenge is twofold: notwithstanding the recent availability of 4G-enabled smartwatches, both Apple and Android watches are tightly tied to their smartphone platforms. So any corporate strategy for these wearables needs to be aligned with a broader device or platform strategy. But given the bigger gap in design and functionality between watch models, designing for parity between brands will no doubt prove more challenging than on the phones themselves. The other issue is that, in many cases, users already own a watch. The human wrist is valuable real estate. And to simply assume customers will strap yet another thing onto it is, shall we say, questionable at best. If I already use a smartwatch and my company tries to get me to wear another one—that’s a problem. Obviously, nobody’s going to wear two watches. And if the user finds the company watch ugly, we literally have yet another problem on our hands. Jaguar recently committed a similar faux pas while touting their new “Activity Key”—a Fitbit-looking device that does absolutely nothing other than unlock your car when you put your wrist near it. A much smarter move would have been to produce a Jaguar-branded watch band that could be swapped onto my Apple Watch and would serve the same function. Additionally, they could deliver a companion Apple Watch app to display data, lock the doors and remote start (Hyundai offers this). So as a lesson to enterprises, think about how you might leverage smart bands for your employees’ smartwatches without going down the custom solution road. What sensors can you add to the watch? Which can you simply leverage? Steve and I discussed this idea in this episode of the Device Squad podcast, along with Bernard Desarnauts, founder of Wristly.

The Ears: I’m not really sure this is even a thing. Mostly centered around Apple’s AirPods (which are great…I only wish they fit in my ears—a pretty big issue with respect to adoption). As with many great technologies, AirPods were presaged in science fiction. If you’ll recall, Spock and Uhura always had an earbud-thingy in one ear while on the bridge.

But to me this “segment” of wearables is more about voice interaction with computers, which is best embodied by semi-intelligent assistants (Siri, Alexa, Google, Cortana) and devices such as the Amazon Echo. As it relates to the enterprise, I suspect we’ll be hearing more about beam-forming microphone arrays and office speaker systems than making everyone walk around wearing AirPods all the time. Think Picard on the bridge, speaking aloud to the Computer. The exception is that in industrial or manufacturing environments, bone-conducting headphones will likely hold sway.

The Eyes: This is ‘wear’ the debate gets heated. There’s no question humans are visual creatures. Phrases like “you know it when you see it,” “a picture is worth a thousand words” or “seeing is believing” are not part of our lexicon by accident. The question is not whether technologies like AR or VR are valuable. Of course they are. Or whether hands-free access to information is valuable. Of course it is. But this doesn’t mean head-mounted displays are the answer (though in the short term it may be our only answer).

I would counsel companies not to worry about “the market” for wearables or any of the predictions-sure-to-be-wrong from analysts and pundits (except for me—you can totally trust me). The truth is most of today’s technologies are in very early stages of maturity. VR has very narrow use cases but AR has a ton of applicability to many jobs. Unfortunately, the devices are not cheap—though the impact on human interactions should not be underestimated. An appropriate strategy would be to look for the most impactful use cases where the user needs both hands free to perform their job (e.g. doctors performing surgery, field engineers/technicians working on equipment or diffusing a bomb) rather than thinking about the average office worker or consumer. Note how Google Glass is pivoting to industrial applications from its original consumer push.

While working at Kyocera many years ago, I advised management to position the Iridium satellite phones at industrial applications—like oil rigs—which are less price sensitive and have unique problems perfectly suited for satphones, versus trying to market to consumers and compete against traditional cellular phones, when satellite technology provided little to no advantage whatsoever yet required an entirely different economic model. Perhaps eventually the size, weight, cost and quality of head-mounted AR devices will improve such that it will be beneficial for a wider audience. But by then we may all have what we really want—holograms that not only display information, but also allow the manipulation of objects (think Tony Stark).

The Body: If I had any advice to give on wearables it would be to leave this one for last. Partially because the category is all over the map. Things like badges that detect if you’ve been exposed to radiation. Listen. If you’ve got employees working in an environment where there is the potential for radiation exposure, I hope you’ve got something like this in place already. Or else you have a strong HR and recruiting (and/or legal) team. But seriously, the category of body wearables covers a lot of ground. They could be sensors built into employee uniforms or smart materials that react to inputs (like Batman’s cape in The Dark Knight). They could be body cameras. They could be communicators a la Star Trek: The Next Generation. They could even be some manner of exoskeleton (think Doc Oc’s arms or Iron Man’s suit). Likely the applicability would be to a few specific roles. And if that’s the case, proceed with investigating and scoping (more on this later). It’s easy to get caught up in the hype. But what you want to avoid are science projects. Hype even led two huge brands–Levi’s and Google–to team up and release the awkwardly named $350 Levi’s® Commuter Trucker Jacket with Jacquard by Google. A device they call a Jacquard snap tag gets holstered into a sleeve and connects to your phone via gestures. “With a tap or brush of the cuff, you can control music, screen phone calls or get directions. A few simple gestures keep you on course, in touch, and connected.” For some reason it can only be washed ten times (and yes, you have to remove the tag before you wash the jacket).

How to Proceed

Since we are still very early into the wearables maturity curve, the use cases are likely going to be role-dependent rather than relevant to the entire organization. So start by running a few Ideation Sessions to identify some specific user-driven use cases, understand the potential business impacts and prioritize the ideas.

Focus your efforts. Take the top 3-5 ideas in your prioritized list and expand upon them. What is the business process? How would wearables impact/change that process? What are the expected benefits? What type of wearable do we think is applicable? Run a Day-in-the-Life to make sure you fully understand your employees’ daily job tasks. These types of activities always help uncover hidden opportunities for process reengineering—something particularly relevant to wearables.

Next, pick one concept to advance to the next stage. Depending on your organization, trying to complete too many bleeding-edge projects at once usually doesn’t end well.

Once you have the category of wearable defined, analyze the resources available to fulfill that vision. Yes, there’s Apple Watch and Google Glass, but dozens of startups (as well as established companies) are busy rummaging about the space. But beware of slideware. Run a POC to make sure the devices on your short list can actually deliver on the capabilities you require. Then build a prototype to see if your idea actually works the way you hoped. We turn to Axway for our prototype solution. Their Mobile Application Development Platform (MADP) Appcelerator lets us generate pixel-perfect, working, native on-device mobile app prototypes in no time flat. Our business literally depends on it!

How to win over employees

This hearkens back to my headline. If you’re going to try to move forward, at some point you will get push-back. The best way to mitigate this is to get input and buy-in early on from the employees who’ll actually be using the wearables.

At this point, some of you may be thinking, “But if they want to work here, they’ll use whatever we tell them to.” This is partially true. We make many decisions regarding what laptops and software our employees use. When we choose manufacturing equipment, we don’t ask permission from employees before we buy a new CNC machine or other heavy equipment.

But wearables are different. These aren’t simply devices you manipulate, they are ones that are on their bodies.

Invite the folks in the roles you’re trying to support to be part of the journey–from line workers to office workers to field techs. Identify an old sage or two, some up-and-comers, as well as those technophiles enthusiastic about trying new things. Bring them in for the ideation sessions (of course they are front-and-center during the Day-in-the-Life experiences) and also have them participate in the POC and Prototype design sessions. Most of all, get their feedback on the results of each session. The worst way to proceed is to have the “suits” design something uncomfortable, ungainly, unsightly, or flat out unsuitable to the way employees actually work.

With engagement all the way through the process, you’ll have a better chance at buy-in from the employees involved and they will become your evangelists to the rest of their peers as you roll it out to the broader community. But more importantly, you’ll have a far better product for it.

]]>https://apifriends.com/2018/01/18/workplace-challenges-for-wearables/feed/09710Why Mobility is the key enabler of Digital Transformationhttps://apifriends.com/2018/01/11/mobility-enabling-digital-transformation/
https://apifriends.com/2018/01/11/mobility-enabling-digital-transformation/#respondThu, 11 Jan 2018 13:21:47 +0000https://apifriends.com/?p=9697Digital Transformation involves a radical rethinking of how an organization uses technology in pursuit of new revenue streams or new business models. The drivers tend to be disruption from market newcomers or innovation from rivals seizing the opportunity to win new customers. Technology alone does not drive digital transformation. Rather, businesses must reshape the way […]

]]>Digital Transformation involves a radical rethinking of how an organization uses technology in pursuit of new revenue streams or new business models. The drivers tend to be disruption from market newcomers or innovation from rivals seizing the opportunity to win new customers.

Technology alone does not drive digital transformation. Rather, businesses must reshape the way they strategize, utilizing technology to find more efficiencies and opportunities for collaboration.

Digital transformation can also be explained as the way in which technology is impacting how we interact with the world. Mobility—in its broadest definition is that smart and connected technologies can eliminate the friction in business processes and no doubt is the key enabler of digital transformation.

It is evident that Mobility has emerged as a business-critical platform that is driving digital transformation. Therefore companies must adapt or risk being left behind by their competition.

Mobile is The Face of Digital

Mobile came and conquered in many industries, audience, traffic and transactions — both in numbers and dollar values. In 2017, mobile evolved from a standalone channel to a baseline for all digital experiences. Mobile continues to elevate customer expectations and there is no question that mobile moments are the battleground to win, serve, and retain your customers.

App usage as we know has peaked in 2017 beginning to take on monolithic apps to offer more convenient mobile experiences. Ecosystems like Amazon Alexa, Apple iMessage or Siri, Facebook Messenger, and WeChat offer convenient access to content and services through conversational interfaces. As consumers spend more time within mobile-enabled experiences and ecosystems, these platforms dominate mobile strategies.

Understanding the importance of Enterprise Mobile strategy

Mobile software engages people. Enterprise Mobility enables employees to connect into core processes and participate even if they are not sitting at their desk. Enterprises that have not yet incorporated these strategies will struggle with anything in digital transformation.

From consumer software like mobile apps and social media to digital photography to gaming, we engage more with technology if we can take it with us. In an industrial or business setting, enterprise software that can be accessed using a mobile device turns this increased level of engagement into specific benefits that could represent opportunities for digital transformation in many industries.

Mobility is important because it:

Improves the customer experience in field service environments.

Increases productive time of technical staff by allowing them to interact with systems like enterprise asset management or computerized maintenance management systems while in the field or at the machine on the plant floor.

Improves the amount and quality of information available to those servicing assets or customers, allowing more efficient service and first-time-fix in field service environments and more reliable troubleshooting and less down time in a plant environment.

Induces users to engage with software systems more frequently, increasing return on investment in enterprise software.

Lacking support for the mobile enterprise, companies will be prevented from digitally transforming their operation in many important ways for example, total cost of maintaining capital assets will be higher and quality of asset data will be lower than in organizations with less enterprise mobility.

Lead your Digital innovation by taking control of your Mobile Destiny

Mobile-first approach: Forrester report suggests to embrace a “mobile-first,” if not “-only,” approach to design and delivery. As per their prediction, fast followers will embrace a mobile-first or -only approach delivered through Agile processes. Early adopters have already done so in the past 18 months. “Mobile-only” doesn’t mean design for just one channel; rather, that mobile will be the primary design parameter. Delivery will follow design.

Design-thinking: Apply design thinking to drive business results, not just digital engagement. Organizations should add design-thinking expertise to their mobile delivery teams to engineer and implement downstream changes in employee workflows and physical spaces to keep pace with mobile enhancements to experiences.

Mobile Engagement Automation: Enterprises should invest in tools like mobile engagement automation to transform standalone touch points into holistic customer journeys that even go beyond digital. Anticipating consumer needs with context and automating the engagement to deliver just the right content — to the right person, in the right channel, at the right time — demand sophisticated technology capabilities. These include machine learning to harness and activate customer intelligence and automation to deliver real-time interactions.

As businesses continue to seek transformative digital strategies they need to look at mobile focused solutions. Implementing Enterprise Mobility is no longer a consideration, but a mandatory element in any business plan. The proliferation of digital workforce and need for high quality mobile applications will continue to accelerate digital transformation and provide enterprises with new ways to leverage mobility in their business strategies.

]]>https://apifriends.com/2018/01/11/mobility-enabling-digital-transformation/feed/09697Virtualization, Containerization and DevOpshttps://apifriends.com/2018/01/10/virtualization-containerization-devops/
https://apifriends.com/2018/01/10/virtualization-containerization-devops/#respondWed, 10 Jan 2018 09:52:15 +0000https://apifriends.com/?p=9682When deploying an API management solution, you need to integrate it within your own infrastructure. Hence, you need a solution that fits with your existing infrastructure strategy, whether it’s virtualization or containerization and that can fit within a DevOps process. All those terms are not buzzwords but reality and I decided today to put together […]

When deploying an API management solution, you need to integrate it within your own infrastructure. Hence, you need a solution that fits with your existing infrastructure strategy, whether it’s virtualization or containerization and that can fit within a DevOps process. All those terms are not buzzwords but reality and I decided today to put together some terminology definition for everyone to understand what this really means.

Virtualization

Virtual machine: a virtual machine (VM) is an emulation of particular computer system, its resources such as CPU, RAM and DISK space.

To better understand, imagine a hotel that has one giant room for one guest. Nobody needs that much space, so 90% of the building goes unused.

Similarly in IT, using virtualization, it will be more efficient to divide a computer’s resources – like processors, memory and storage… then assign these resources to virtual machines and each one is capable of hosting its own operating system and application.

Containerization

Container: a container wraps a piece of software in a complete filesystem that contains everything need to run: code, system tools, system libraries – anything that can be installed on a server.

Docker container: an open source development platform. Its main benefit is to package applications in “containers”, allowing them to be portable among any system.

In 1955, Malcolm McLean, a trucking entrepreneur from North Carolina, USA, bought a steamship company with the idea of transporting entire truck trailers with their cargo still inside. That is the birth of shipping containers.

Benefits:

Standardization on shape, size, volume and weight.

Massive economies of scale. Reduction in shipping costs.

Seamless movement across sea, rail and road.

So by applying a similar concept, Containers like Docker is a solution that lets software run reliably when moved from one computing environment to another. This means that the application will run in the developer’s laptop then to a test environment then finally to a production environment.

Docker container benefits:

Cost savings: The nature of Docker is that fewer resources are necessary to run the same application. Organizations are able to save on everything from server costs to the employees needed to maintain them.

Portability: Applications that are running on Docker can run on developer’s laptop to On Premise infrastructure or to the Cloud (like Amazon’s, Google’s or Microsoft Azure) or to PAAS like OpenShift by Red Hat or Bluemix by IBM.

DevOps

DevOps: A combination of practices and tools that increases an organization’s ability to deliver applications at high velocity. This speed enables organizations to better serve their customers and compete more effectively in the market.

Continuous Integration: A practice that requires developers to integrate code in a code repository (e.g. Github, SVN) several times a day. Each check-in (commit) is then verified by an automated build and testing, allowing teams to detect problems early.

Continuous Deployment: A strategy for software releases wherein any commits that passes the automated testing phase is automatically released into the production.

Stephane Castellani: Hi Bernard, can you please present Elastic Beam in a few words?

Bernard Harguindeguy: Elastic Beam is focused on protecting API infrastructures, and the digital assets they connect, from hackers and botnets. We deliver automated blocking of cyberattacks in hybrid and multi-cloud environments as well as deep visibility into all API traffic for forensic and compliance reporting.

Our HQ is located in Redwood City (heart of Silicon Valley) with Sales offices in Denver and Australia.

A friend, Uday Subbarayan, and I founded the company in December of 2014 to address a need that we knew would become very painful quickly for DevOps and security teams.

Including consultants, the company has over 30 employees. Elastic Beam surfaced from stealth mode in July of 2017 and has built quickly a business in several market segments including Banking (Open Banking/PSD2), Insurance, Healthcare, Telco, IoT, and government. Elastic Beam is working with a number of 3 letter agencies and an array of household names.

Detects and automatically blocks cyberattacks on REST and WebSocket APIs in multi-vendor and multi-cloud environments

Auto discovers all APIs and all connected IPs to make sure that no API is left unprotected

Provides, via dashboards and reports, complete visibility into all API traffic – down to every method used at any time by anyone or “thing.”

Understanding what’s going on with APIs and delivering strong protection is a big data problem. So our solution uses advanced Artificial Intelligence algorithms to sort out all API sessions and traffic – at very large scale, identifies those that are abnormal or suspicious for automated blocking, and delivers compliance and forensics reporting with rich details on all transactions.

We can even give you every URL name that hackers are trying on the API infrastructure as they probe the environment looking for ways to access and use the APIs.

Our API Deception (patent pending) is further technology that we combine with AI to deliver a honeypot environment with “fake APIs” to instantly recognize hackers – and block them from using the real APIs.

But the best is that the use of AI enables us to deliver solutions that require absolutely no signatures and no rules to program in order to detect new and changing attacks. Security is self-learned and most of the deployment is automated.

SC: Why is API security so important today?

BH: API deployments are accelerating as businesses are embracing digital transformation initiatives and using APIs to provide connectivity to data and line-of-business apps. As such, they represent a new attack surface that is increasingly targeted by hackers to take over accounts, steal data, steal photos, delete data, commit fraud, shut down services, disable mobile apps, take control of industrial systems, etc.

We are all witnessing an influx of attacks on APIs these days but most go undetected as organizations are still wrestling with this new set of threats. Yet, Instagram, the IRS, Snapchat, Jeep, Apple, and others had to apologize for well publicized attacks that used their APIs to steal consumers’ private information or remote control a car.

The deployment of a API Cybersecurity solution must go hand-in-hand with the roll-out of any digital transformation project. Gartner, 451 Research, The API Evangelist, David Berlind of Programmable Web and many others are calling the industry’s attention to this issue.

SC: How do you complement existing API Gateways and their embedded threat protection mechanisms?

Incremental security layers that protect against a broad range of API cyberattacks

Attacks that attempt to bypass or defeat Login systems

Attacks that use stolen cookies or tokens to access data and apps behind the APIs

Hackers probing for API vulnerabilities

DoS and DDoS attacks on APIs to disrupt or cripple services – many can only be detected with AI as they target specific APIs and are not about flooding with volumes of requests. Also many attack the API memory or the session management service.

Post login attacks on data, apps, and systems from hackers that defeated the access control with brute force or are using compromised credentials. Leads to data theft, account take over, remote control of systems and applications, etc.

Rich API traffic visibility, as well as Forensics and Compliance reporting

Gain unique insight into all API activity with dashboards and in-depth reporting

Accelerate gathering of evidence after an attack to expose all activity

Hybrid/Multi-Cloud security that automates attack blocking across clouds and prevents terminated hackers from reconnecting though another connected cloud.

Elastic Beam uses Gateway policies to implement this incremental security with a sideband deployment within existing or new implementations.

SC: You are leveraging Artificial Intelligence in your algorithm, how is it useful compared to standard pattern detection?

BH: The key advantage is that with AI you no longer need to know about the specific attack pattern used by a hacker in order to recognize malicious activities. It even recognizes constantly changing attacks and is immune to the various updates and changes that hackers may implement.

This is really important as older generation tools need to be programmed with attack details via rules or code that must be constantly updated by the Ops team as hackers keep changing their methods.

Our AI algorithms (patent-pending) detect API sessions that deviate from normal. The secret sauce is not only in the algorithms but also in the implementation to do this at massive scale. This is the needle in the haystack problem. You have 120,000 transactions per second … and one of them is a hacker stealing credit card and private information or taking your customer data out!

David Berlind, editor and chief of Programmable Web and one of the most notable voices in the API space articulates our unique approach eloquently in this write-up:

“…unlike other security solutions in the way they are based on patterns. If you think of traditional security solutions like antivirus that look for patterns of intrusion, what Harguindeguy says is true. Elastic Beam’s solutions are not quietly running in the background waiting to pounce on some recognized pattern of intrusion. Rather, the artificial intelligence inside is actually doing the opposite. It is constantly watching for a non-pattern, only pouncing when the unexpected happens.”

SC: Which level of granularity do you offer in terms of API security?

BH: Our software is capable of tracking detailed information about every access. We deliver reports that identify every method used on any API at any time. We associate the IP address, the API key, or token or cookie used with every session.

SC: Which dashboard do you provide and how do you alert IT security teams?

BH: When procuring our solution you receive a dashboard, with ElasticSearch Kibana as the underlying platform, that graphically displays a vast array of API cybersecurity related information including time-series reports on attack activities.

All of the information made available by our solution can be accessed via one of our APIs. This is the API that we use ourselves to drive our dashboard and reports. That same API can be used by any enterprise dashboard to ingest valuable information on the security posture of the API infrastructure. Any JSON-based reporting engine can also be used to deliver custom reports that match the DevOps or security team’s needs.

SC: What about false positives?

BH: Our AI algorithms classify attacks amongst three buckets: normal sessions, anomalies, and attacks. When we classify a session as an attack it is because the probability of a false positive at that time is extremely low. Our AI engine keeps learning changes in the environment and adapts automatically to those changing conditions. Consequently, as new updates and new APIs are deployed, our AI engine tunes itself automatically. This adaptive, API behavior-based approach ensures that friendly traffic is rarely flagged as malicious. For those environments that are extremely risk averse, as those of government organizations, we offer the ability to additionally tune the environment manually.

SC: Can you give an example of a recent malicious attack your solution could detect that any other solution would have missed?

BH: Although Instagram has not provided details of its API breach (announced in August 2017) which exposed customer account information, information published about the attack gives us a strong indication that the nefarious behavior deviated significantly from normal behavior or from the way developers intended their APIs to be used. Our AI powered behavioral security engine would likely have detected the attack.

We also believe that we would have detected the TMobile “attacks” (announced in October 2017) that exploited an API vulnerability to gather user account information.

We have been involved recently with API DoS/DDoS attacks that destroyed a mobile app user experience or disconnected consumers from a service. No solution on the market could stop those attacks as they were targeted and not about volumes of requests.

SC: Who are your competitors and how you do position against them?

BH: A few companies are focused on detecting botnet attacks on the login services of web applications. However APIs used by mobile and enterprise applications require a very different set of countermeasures to automatically block targeted attacks and provide rich details on every session.

To date we are first to market and have no direct competition – as was concluded by Programmable Web, 451 Research, and Gartner.

BH: A core part of our GTM strategy is to work with industry partners, system integrators and resellers. We are quite selective and are keen to cultivate relationships with partners that are hyper focused on Digital Transformation projects. Currently we have about a dozen partners spanning the globe from North America and Europe to India and Australia.

SC: Thank you Bernard, this was a great interview. I wish you a lot of success for 2018.

]]>https://apifriends.com/2018/01/09/elastic-beam/feed/09675API versus EDI: can APIs replace EDI for B2B communications?https://apifriends.com/2017/12/20/api_versus_edi/
https://apifriends.com/2017/12/20/api_versus_edi/#respondWed, 20 Dec 2017 15:55:43 +0000https://apifriends.com/?p=9646EDI (Electronic Data Interchange) is a proven technology since early 1980s for the exchange of information between enterprises and organizations. EDI formats such as EDIFACT, ebXML and EDIG@S are the standards for data exchange in major industrial sectors such as transport and logistics, distribution, manufacturing and utilities. The use of EDI is particularly prevalent in […]

]]>EDI (Electronic Data Interchange) is a proven technology since early 1980s for the exchange of information between enterprises and organizations. EDI formats such as EDIFACT, ebXML and EDIG@S are the standards for data exchange in major industrial sectors such as transport and logistics, distribution, manufacturing and utilities. The use of EDI is particularly prevalent in supply chain processes.

EDI provides a strict framework for well-coded business processes where all parties agree on specific formats for business documents to be exchanged such as invoices, purchase orders, shipment notices. EDI also defines advanced rules for dealing with content, and the relationships between items in a document – such as an invoice number or the amount billed.

EDI exchanges, historically present in the supply chain industry, allow for a solid structuring of data, especially for B2B exchanges. However, EDI is not fit for integrating different vertical software tools (CAD / CAM, PLM, MES, etc.) that are not natively designed to communicate with one another, nor with the millions of IOT objects, nor with the sensors, manufacturing robots, and the products in the course of production which in the future will be equipped with communication mechanisms.

APIs (Application Programming Interface) allow new types of interaction and transactions by exposing the functionality and services of an application to the outside world. The applications can thus consume the services of each other, giving rise to a data exchange. Via APIs, customers, partners and employees now have access to business and data services at any time on any device and from any source.

A communication approach by APIs is a good way to respond to new communication requirements for both B2B and A2A settings. Given the volume of data and the disparity of systems involved, efficient data flows within vast industrial ecosystems (tools, machines, production lines spread over several geographical sites, production and logistics entities, etc.) requires a well thought-out rationalization.

An ideal remedy in this case would be to consolidate the integration and exchange environment into a single system that governs the flow of both EDI and API data transactions. Such a system would allow centralized visibility across all data streams, accurate monitoring of enterprise performance, and enhanced security. It would also make it possible to monetize data by ensuring that client and partner commitments are visible and measurable.

The following table highlights the differences and complementarities between EDI and API data integration systems:

Examples of EDI-based transactions include the exchange of standard documents such as purchase orders, shipping notices and invoices. B2B applications via the REST / Web Services API include shipment traceability, exception handling on damaged items, or interrupted processes. Finally, examples of B2B applications that can use either EDI or Web services or REST APIs include customs declarations (such as manifests) as a consumed service, and the corresponding response as an exposed service.

API-based transactions can implement complementary services that are not integrated with EDI standards – services that provide visibility into transport tracking, volume statistics, SLAs, and error rates, for example. They also include interactive handling of exceptions such as transport cancellation and exception notifications.